Security Information and Event Management (SIEM) and correlating log message data for automated threat detection. It is possible to provide notifications in real-time for security threats through correlation engines that scan log files looking for behavioral patterns that are outside the parameters of what constitutes normal network behavior. Additionally, these tools can provide auditing and forensic capabilities related to SIEM requirements as determined by PCI DSS, HIPAA, SOX, FISMA, NERC and many others.
Why is this of importance to you?
It is not enough to merely collect log data anymore. You need to uncover the meaning in the data that provides decision support for managing security threats and an audit trail for forensic analysis and compliance. It is impossible, however, to pore through millions of log messages looking for potential threats; you need some form of correlation and automation. This paper describes one proven, time-tested approach to managing log messages, along with some technical details on how the SIEM system works.
How do you get this white paper?
Simply fill out the form on the right and you will be able to download a PDF version of this document.